Secure Federated Identity Service

1. A federated identity authentication system comprising: a user computer; one or more users requiring access to privileges from one or more identity services subscribers; an identity authentication provider having capabilities to securely authenticate a user, by determining each user's unique digital identifier; an ability to generate encryption secrets; and a database in which to store the encryption secrets: the one or more identity services subscribers providing the required access privileges to the one or more users, and relying on authentication services from the identity authentication provider; and wherein the identity authentication provider creates a subscriber secret that is unique for each subscriber such that each time the user authenticates for the purpose of gaining access from the subscriber, the associated subscriber secret is used to encrypt the user's unique digital identifier before sending the user's unique digital identifier from the identity authentication provider to the subscriber.

2. The federated identity authentication system of claim 1 , wherein the subscriber never learns the subscriber secret associated with an subscriber's account and only receives the user's unique digital identifier in the encrypted form.

3. The federated identity authentication system of claim 1 , wherein a secure portal is used to establish a secure channel between the user computer and the identity authentication provider.

4. The federated identity authentication system of claim 1 , wherein a secure portal is used to establish a secure channel between the identity authentication provider and the one or more identity services subscribers.

5. A method of providing authentication services comprising: one or more users requiring access to privileges from one or more identity services subscribers; an identity authentication provider having capabilities to securely authenticate a user, by determining each user's unique digital identifier; creating a subscriber secret by the identity authentication provider at the time a subscriber is enrolled with the identity authentication provider for services, the associated subscriber secret is used to encrypt the user's unique digital identifier before sending the user's unique digital identifier from the identity authentication provider to the subscriber; storing the subscriber secret in a database operated by the authentication provider such that the subscriber secret can be retrieved to be used as an encryption key associated with the subscriber.